Paying a Ransom Is No Assurance That Extortion Will Stop

The healthcare sector has been heavily targeted by ransomware groups, and victims frequently view paying the ransom as the best way to ensure a fast recovery. However, payment doesn’t always end the extortion. Numerous victims have paid ransoms to obtain decryption keys or to stop the publication of stolen files, yet the ransomware actors continued with the extortion anyway.

The Federal Bureau of Investigation (FBI) recommends never paying a ransom following a ransomware attack because doing so gives the threat actors more money for their attacks, motivates other threat groups to get involved in ransomware, and offers no assurance that paying will result in data recovery or prevent the misuse of stolen information.

A new survey carried out by the cybersecurity company Venafi helps measure how often further extortion occurs. It provides key data on what happens when victims pay, or don’t pay, the demanded ransom. The survey covered 1,506 IT security officials from the United Kingdom, United States, Benelux, Germany, France, and Australia and examined the rapidly growing threat of ransomware attacks.

Venafi stated that ransomware attacks went up by 93% in the first 6 months of 2021, and that by year-end ransomware attacks were occurring worldwide at a rate of one every 11 seconds. 67% of organizations with 500 or more workers said they had experienced a ransomware attack in the last 12 months, and 83% of ransomware attacks involved double or triple extortion strategies, where sensitive data files are stolen and money is demanded to decrypt files, prevent the publication of data, and stop attacks on consumers and suppliers.

According to the survey, 38% of attacks involved threats to extort victims’ clients using stolen information, 35% involved threats to disclose stolen information on the dark web, and 32% involved threats to notify customers that their records had been stolen.

16% of clients who did not pay the ransom demand had their details published on the dark web. 35% of victims said they paid the ransom yet still didn’t recover their information, and 18% of victims said they paid the ransom to prevent the publication of stolen information, yet the data was still posted on the dark web. 8% reported that they did not pay the ransom, after which the attackers tried to extort their customers.

Many ransomware gangs today use the ransomware-as-a-service (RaaS) model. Affiliates are recruited to carry out attacks for a percentage of any ransoms they generate. While the RaaS operators usually supply playbooks and guidelines for performing attacks, there is little enforcement of compliance. Ransomware groups usually operate for brief periods and attempt to extort as much money as possible from victims before shutting down their operations, rebranding, and starting again. There have also been instances of ransomware gangs passing stolen information and access to systems to other cybercriminal groups regardless of whether the ransom was paid, showing quite plainly that ransomware gangs are not to be trusted. A number of ransomware gangs have taken over negotiations with victims from their affiliates, cut the affiliates out, and not paid them, demonstrating that there is likewise no honor among thieves.

Businesses are not prepared to defend against ransomware that exfiltrates information, so they pay the ransom, but this only drives attackers to want more. The bad news is that attackers are continuing with extortion threats even after the ransom has been paid.